<?php
require('conexion.php');
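// Single-entry dispatcher: the request parameter "routine" selects which
// operation runs. Every parameter is read from $_REQUEST and is untrusted.
//
// NOTE(review): nothing in this file checks that the caller is authenticated
// before dispatching; the 'login' routine only reports whether a row matched
// and does not start a session. Unless conexion.php enforces access control,
// the 'sql', 'runQuery', 'getData' and 'getOneData' routines give any client
// that can reach this script the privileges of the database account, and
// 'sendMail' lets it send arbitrary mail. They should be replaced by fixed
// server-side statements with bound parameters behind an authenticated
// session. The hardening below covers only what can be fixed without changing
// the request interface.
$routine = isset($_REQUEST['routine']) ? $_REQUEST['routine'] : null;
switch ($routine)
{
	case 'login':
	{
		// Reports ok='1' when a sys_usuarios row matches the credentials,
		// ok='' otherwise.
		header('Content-Type: text/xml');

		// The mysql_* API has no bound parameters, so the user name is escaped
		// for the open connection before it is embedded in the statement.
		// NOTE(review): this assumes conexion.php has opened the connection and
		// set its character set with mysql_set_charset() - confirm.
		$usuario = mysql_real_escape_string(rpcParam('usuario'));

		// md5() returns hex digits only, so the digest needs no escaping.
		// NOTE(review): unsalted MD5 is not a password hash; migrating the
		// stored values to password_hash()/password_verify() needs a schema
		// change outside this file.
		$digest = md5(rpcParam('password'));

		$SELECT = mysql_query("SELECT * FROM sys_usuarios WHERE usuario = '" . $usuario . "' AND password = '" . $digest . "'");
		$matched = is_resource($SELECT) && is_array(mysql_fetch_array($SELECT));

		$xml = "<?xml version='1.0' encoding='UTF-8' ?>";
		$xml.= "<xml>";
		$xml.= "<login";
		$xml.= " ok = '" . ($matched ? "1" : "") . "'";
		$xml.= " />";
		$xml.= "</xml>";
		echo $xml;
		break;
	}
	case 'sql':
	{
		// Runs the client-supplied statement and describes its result columns.
		header('Content-Type: text/xml');
		$xml = "<?xml version='1.0' encoding='UTF-8' ?>";
		$xml.= "<xml>";

		// SECURITY: the statement comes verbatim from the request.
		// ReplaceBadCharacters() only strips backslashes; it does not make the
		// text safe. See the note at the top of the dispatcher.
		$SELECT = mysql_query(ReplaceBadCharacters(rpcParam('sql')));

		// mysql_query() returns false on error and true for statements without
		// a result set; only a result resource has column metadata.
		if (is_resource($SELECT))
		{
			$total = mysql_num_fields($SELECT);
			for ($i = 0; $i < $total; $i++)
			{
				$COL = mysql_fetch_field($SELECT, $i);
				$xml.= "<fields";
				$xml.= " name = '" . rpcXmlAttr($COL->name) . "'";
				$xml.= " type = '" . rpcXmlAttr($COL->type) . "'";
				$xml.= " not_null = '" . rpcXmlAttr($COL->not_null) . "'";
				$xml.= " table = '" . rpcXmlAttr($COL->table) . "'";
				$xml.= " />";
			}
		}
		$xml.= "</xml>";
		echo $xml;
		break;
	}
	case 'runQuery':
	{
		// Runs the client-supplied statement; prints the MySQL error text on
		// failure, otherwise the last insert id.
		// SECURITY: the statement comes verbatim from the request (the client
		// encodes single quotes as "_*_"). See the note at the top of the
		// dispatcher.
		$query = str_replace("_*_", "'", rpcParam('query'));
		$query = ReplaceBadCharacters($query);
		mysql_query($query);

		// NOTE(review): returning the raw driver error discloses schema details
		// to the caller; kept because clients of this routine read it.
		$error = mysql_error();
		if ($error)
		{
			echo $error;
		}
		else
		{
			echo mysql_insert_id();
		}
		break;
	}
	case 'getData':
	{
		// Runs the client-supplied SELECT and emits one <reg> element per row,
		// optionally restricted to the columns listed in "fields" (separated
		// by ", ").
		header('Content-Type: text/xml');
		$xml = "<?xml version='1.0' encoding='UTF-8' ?>";
		$xml.= "<xml>";

		// SECURITY: the statement comes verbatim from the request. See the
		// note at the top of the dispatcher.
		$sql = ReplaceBadCharacters(rpcParam('sql'));
		$fields = rpcParam('fields');
		$wanted = ($fields !== '') ? explode(", ", $fields) : null;

		$SELECT = mysql_query($sql);
		if (is_resource($SELECT))
		{
			// Column metadata is the same for every row, so it is read once.
			// The previous loop bounded the filter with strlen() of the exploded
			// array, which compared only the first requested field.
			$names = array();
			$total = mysql_num_fields($SELECT);
			for ($i = 0; $i < $total; $i++)
			{
				$COL = mysql_fetch_field($SELECT, $i);
				if ($wanted === null || in_array($COL->name, $wanted, true))
				{
					$names[] = $COL->name;
				}
			}

			while ($CONS = mysql_fetch_array($SELECT))
			{
				$xml.= "<reg";
				foreach ($names as $name)
				{
					// Values are escaped so that quotes or markup stored in the
					// database cannot break out of the attribute.
					$xml.= " " . $name . "= '" . rpcXmlAttr($CONS[$name]) . "'";
				}
				$xml.= " />";
			}
		}
		$xml.= "</xml>";
		echo $xml;
		break;
	}
	case 'getOneData':
	{
		// Emits the first row of "table" that satisfies "where" as one <reg>.
		header('Content-Type: text/xml');
		$xml = "<?xml version='1.0' encoding='UTF-8' ?>";
		$xml.= "<xml>";

		$table = rpcParam('table');
		$where = ReplaceBadCharacters(rpcParam('where'));

		// The table name cannot be quoted as a value, so it is only accepted
		// when it is a plain identifier, optionally qualified as db.table.
		// SECURITY: "where" is still a raw SQL fragment chosen by the client,
		// so this narrows the table parameter only. See the note at the top of
		// the dispatcher.
		$SELECT = false;
		if (preg_match('/\A[A-Za-z0-9_]+(?:\.[A-Za-z0-9_]+)?\z/', $table))
		{
			$SELECT = mysql_query("SELECT * FROM " . $table . " WHERE " . $where . " LIMIT 1");
		}

		if (is_resource($SELECT))
		{
			$total = mysql_num_fields($SELECT);
			while ($CONS = mysql_fetch_array($SELECT))
			{
				$xml.= "<reg";
				for ($i = 0; $i < $total; $i++)
				{
					$COL = mysql_fetch_field($SELECT, $i);
					$xml.= " " . ($COL->name) . "= '" . rpcXmlAttr($CONS[($COL->name)]) . "'";
				}
				$xml.= " />";
			}
		}
		$xml.= "</xml>";
		echo $xml;
		break;
	}
	case 'parseoXML':
	{
		// The XML-parsing body that gave this routine its name is disabled; it
		// now only echoes request metadata.
		// REQUEST_URI and HTTP_HOST are chosen by the client, so the response
		// is declared as plain text to keep a browser from rendering them as
		// markup.
		// NOTE(review): this looks like a leftover debug endpoint - confirm it
		// is still needed.
		header('Content-Type: text/plain');
		$remoteHost = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '';
		$httpHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
		echo $_SERVER['REMOTE_ADDR'] . " - " . $remoteHost . " - " . $_SERVER['REQUEST_URI'] . " - " . $httpHost;
		break;
	}
	case 'sendMail':
	{
		// Sends an HTML mail built entirely from request parameters and prints
		// "ok" or "error".
		// SECURITY: recipient, sender, subject and body are all chosen by the
		// client. See the note at the top of the dispatcher.
		//
		// Line breaks are removed from every value that ends up in a header
		// line, so a parameter cannot append headers or recipients of its own.
		$to = rpcHeaderValue(rpcParam('mailTo'));
		$from = rpcHeaderValue(rpcParam('from'));
		$replyTo = rpcHeaderValue(rpcParam('replyTo'));
		$subjet = rpcHeaderValue(rpcParam('subject'));
		$body = rpcParam('body');

		// All header lines now end in CRLF; the last two previously used a
		// bare LF.
		$headers = "MIME-Version: 1.0\r\n";
		$headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
		$headers .= "From:" . $from . "\r\n";
		$headers .= "Reply-To:" . $replyTo . "\r\n";

		$success = mail($to, $subjet, $body, $headers);
		if ($success)
		{
			echo "ok";
		}
		else
		{
			echo "error";
		}
		break;
	}
}

/**
 * Returns the named request parameter as a string.
 *
 * @param string $key Parameter name looked up in $_REQUEST.
 * @return string The value, or '' when the parameter is missing or is not a
 *                string (for example an array submitted as name[]=...).
 */
function rpcParam($key)
{
	return (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : '';
}

/**
 * Escapes a value for use inside a quoted XML attribute.
 *
 * Works byte-wise on the five XML special characters, so the result does not
 * depend on the character set of the data.
 *
 * @param mixed $value Value to escape; cast to string, so null becomes ''.
 * @return string The escaped text.
 */
function rpcXmlAttr($value)
{
	// '&' is replaced first so the entities added afterwards are not re-escaped.
	return str_replace(
		array('&', '<', '>', "'", '"'),
		array('&amp;', '&lt;', '&gt;', '&apos;', '&quot;'),
		(string) $value
	);
}

/**
 * Removes carriage returns and line feeds from a value destined for a mail
 * header line.
 *
 * @param string $value Raw header value.
 * @return string The value without CR or LF characters.
 */
function rpcHeaderValue($value)
{
	return str_replace(array("\r", "\n"), '', $value);
}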

/**
 * Strips every backslash character from the given text.
 *
 * Despite its name this is not a sanitizer: quotes and all other SQL
 * metacharacters pass through unchanged, so the result must not be treated as
 * safe to embed in a statement.
 * NOTE(review): looks intended to undo magic-quotes style escaping - confirm.
 *
 * @param string $sql Text to process.
 * @return string The text with all backslashes removed.
 */
function ReplaceBadCharacters($sql)
{
	return str_replace('\\', '', $sql);
}
?>
